Re: [exim] Verifying an ACL

Top Page
Delete this message
Reply to this message
Author: Michael Sprague
Date:  
To: exim-users
Subject: Re: [exim] Verifying an ACL
jean-paul natola wrote:
> Hi everyone,
>
> I *thought* I had succeeded in implementing an ACL that would tell EXIM not to scan messages over 1 MB-
>
> I followed the feedback I got here , and applied this to my configure
>
> in the MAIN section I added
>
> SCAN_MAX = 1M
>
>
> and then in the ACL CONFIGURATION section I added this
>
> warn condition  = ${if >{$message_size}{SCAN_MAX} {true}}message     = X-Oversize: Message too large to scan.log_message = D18S3 Passed unscanned - exceeds SCAN_MAXset acl_m19 = 1

>
> Now I sent myself a message from outside that was over 1 meg and here are the headers;
>
> IF it indeed was to too large to scan - then I should not have had any score correct?
>
>
> X-Oversize: Message too large to scan.X-Spam-Score: -95.1 (---------------------------------------------------)X-Spam-Report: Spam detection software, running on the system "milter.fci", has identified this incoming email as possible spam.  The original message has been attached to this so you can view it (if it isn't spam) or label similar future email.  If you have any questions, see The administrator of that system for details. Content preview:  Download Messenger. Start an i’m conversation. Support a cause. Join now. http://im.live.com/messenger/im/home/?source=TAGWL_MAY07 Download Messenger. Start an i’m conversation. Support a cause. Join Now! [...]  Content analysis details:   (-95.1 points, 5.0 required) pts rule name              description ---- ---------------------- -------------------------------------------------- -100 USER_IN_WHITELIST      From: address is in the user's white-list 2.3 FORGED_HOTMAIL_RCVD    Forged hotmail.com 'Received:' header found 0.0 HTML_MESSAGE           BODY: HTML included in message -1.1 BAYES_05               BODY: Bayesian spam probability is 1 to 5% [score: 0..0401] 0.2 MIME_BASE64_NO_NAME    RAW: base64 attachment does not have a file name 0.5 RAZOR2_CHECK           Listed in Razor2 (http://razor.sf.net/) 0.2 DNS_FROM_RFC_ABUSE     RBL: Envelope sender in abuse.rfc-ignorant.org 1..7 DNS_FROM_RFC_POST      RBL: Envelope sender in postmaster.rfc-ignorant.org 1.8 MISSING_SUBJECT        Missing Subject: header -0.7 AWL                    AWL: From: address is in the auto whit
> _________________________________________________________________
> Create the ultimate e-mail address book. Import your contacts to Windows Live Hotmail.
> www.windowslive-hotmail.com/learnmore/managemail2.html?locale=en-us&ocid=TXT_TAGLM_HMWL_reten_impcont_0507

>


That ACL just sets some headers and then continues on. You need to tell
the ACL to accept so it will not process any more ACLs. For example, I
have a line like this right before my spamd ACL:

accept
condition = ${if >{$message_size}{1M}{true}{false}}

Or you could do it as a condition in an ACL itself. For example, I have
this line in my malware ACL:

discard
  condition   = ${if <{$message_size}{1m}{true}{false}}
  malware     = */defer_ok
  log_message = VIRUS ($malware_name)


Hope that helps,
mikeS

-- 
Michael F. Sprague     | mfs@???
http://www.saneinc.net | Provider of SpamOnion anti-spam service
System and Network Engineering (SaNE), Inc